Inspired by the discussion in this question , a maybe stupid question.
We have all been taught that leaving directories or files on Linux-based web hosting with the permission level of
777 is a bad thing, and to give always as little permissions as necessary.
I am now curious as to where exactly lies the danger of exploitation, specifically in a PHP / Apache context. After all, a PHP script file can be executed from the outside (i.e. through a call to the web server, and subsequently to the interpreter) no matter whether it is marked as "executable", can't it? And the same applies to files called through the command-line
php interpreter, right? So where exactly is the vulnerability with
777 ? Is it the fact that other users on the same machine can access files that are made world writable?
So many great answers, all with conceivable scenarios, I will have to throw the dice on which one to accept! Thanks everyone for the great input.